Four new security advisories have been disclosed for Apache CXF. They are:
- CVE-2014-0109: HTML content posted to SOAP endpoint could cause OOM errors
- CVE-2014-0110: Large invalid content could cause temporary space to fill
- CVE-2014-0034: The SecurityTokenService accepts certain invalid SAML Tokens as valid
- CVE-2014-0035: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy
Please see the security advisories page of Apache CXF for more information. Users are strongly encouraged to upgrade to the latest releases (2.6.14 and 2.7.11).